From 8d9083dc9c3057687db812344b4f6d02e32821c2 Mon Sep 17 00:00:00 2001 From: Sylvain Ribstein Date: Fri, 2 Aug 2024 10:26:23 +0200 Subject: [PATCH 1/3] client/wallet: remove all aggregate code in favor Now that `tz4` keys type have been introduced the aggregate signers and the resit is a duplicate code. --- src/lib_client_base/client_keys.ml | 313 +----------------- src/lib_client_base/client_keys.mli | 124 +------ src/lib_client_base_unix/client_main_run.ml | 6 - .../client_keys_commands.ml | 167 +--------- .../client_keys_commands.mli | 35 -- src/lib_dac_node/event.ml | 4 +- src/lib_dac_node/handler.ml | 12 +- src/lib_dac_node/node_context.mli | 2 +- src/lib_dac_node/wallet_account.ml | 2 +- src/lib_dac_node/wallet_account.mli | 2 +- src/lib_dac_node/wallet_cctxt_helpers.ml | 23 +- src/lib_dac_node/wallet_cctxt_helpers.mli | 6 +- src/lib_octogram/tezos.ml | 8 +- src/lib_signer_backends/encrypted.ml | 83 ----- src/lib_signer_backends/encrypted.mli | 18 - .../test/test_encrypted.ml | 92 +---- src/lib_signer_backends/unencrypted.ml | 116 ++----- src/lib_signer_backends/unencrypted.mli | 16 +- tezt/lib_tezos/account.ml | 28 -- tezt/lib_tezos/account.mli | 34 +- tezt/lib_tezos/client.ml | 67 ---- tezt/lib_tezos/client.mli | 46 --- tezt/lib_tezos/constant.ml | 19 +- tezt/lib_tezos/dac_helper.ml | 19 +- tezt/lib_tezos/dac_helper.mli | 8 +- tezt/lib_tezos/dac_rpc.mli | 2 +- tezt/tests/client_keys.ml | 121 ------- tezt/tests/dac.ml | 45 +-- 28 files changed, 129 insertions(+), 1289 deletions(-) diff --git a/src/lib_client_base/client_keys.ml b/src/lib_client_base/client_keys.ml index 3cfc505aacca..01b8adea0dd3 100644 --- a/src/lib_client_base/client_keys.ml +++ b/src/lib_client_base/client_keys.ml @@ -157,30 +157,6 @@ let make_sapling_uri (x : Uri.t) : sapling_uri tzresult = | None -> tzfail (Exn (Failure "SAPLING_URI needs a scheme")) | Some _ -> return x -type aggregate_pk_uri = Uri.t - -type aggregate_sk_uri = Uri.t - -let make_aggregate_pk_uri (x : Uri.t) : aggregate_pk_uri tzresult = - let open Result_syntax in - match Uri.scheme x with - | None -> - tzfail - (Exn - (Failure "Error while parsing URI: AGGREGATE_PK_URI needs a scheme")) - (* because it's possible to make an aggregate pk uri without having the signer - in the client we can't check that scheme is linked to a known signer *) - | Some _ -> return x - -let make_aggregate_sk_uri (x : Uri.t) : aggregate_sk_uri tzresult = - let open Result_syntax in - match Uri.scheme x with - | None -> - tzfail - (Exn - (Failure "Error while parsing URI: AGGREGATE_SK_URI needs a scheme")) - | Some _ -> return x - let pk_uri_parameter () = Tezos_clic.parameter (fun _ s -> Lwt.return @@ make_pk_uri (Uri.of_string s)) @@ -211,22 +187,6 @@ let sk_uri_param ?name ?desc params = in Tezos_clic.param ~name ~desc (sk_uri_parameter ()) params -let aggregate_sk_uri_parameter () = - Tezos_clic.parameter (fun _ s -> - make_aggregate_sk_uri @@ Uri.of_string s |> Lwt.return) - -let aggregate_sk_uri_param ?name ?desc params = - let name = Option.value ~default:"uri" name in - let desc = - Option.value - ~default: - "secret key\n\ - Varies from one scheme to the other.\n\ - Use command `list signing schemes` for more information." - desc - in - Tezos_clic.param ~name ~desc (aggregate_sk_uri_parameter ()) params - type sapling_key = { sk : sapling_uri; (* zip32 derivation path *) @@ -275,99 +235,6 @@ module Sapling_key = Client_aliases.Alias (struct Lwt.return_ok @@ Json.to_string (Json.construct encoding k) end) -module Aggregate_alias = struct - module Public_key_hash = struct - include Client_aliases.Alias (struct - (* includes t, Compare, encoding, of/to_b58check *) - include Tezos_crypto.Aggregate_signature.Public_key_hash - - let of_source s = Lwt.return (of_b58check s) - - let to_source p = Lwt_result_syntax.return (to_b58check p) - - let name = "Aggregate_public_key_hash" - end) - end - - type pk_uri = Uri.t - - let make_pk_uri (x : Uri.t) : pk_uri tzresult = - let open Result_syntax in - match Uri.scheme x with - | None -> - tzfail - (Exn - (Failure "Error while parsing URI: AGGREGATE_PK_URI needs a scheme")) - | Some _ -> return x - - module Public_key = Client_aliases.Alias (struct - let name = "Aggregate_public_key" - - type t = pk_uri * Tezos_crypto.Aggregate_signature.Public_key.t option - - include Compare.Make (struct - type nonrec t = t - - let compare (apk, aso) (bpk, bso) = - Compare.or_else (CompareUri.compare apk bpk) (fun () -> - Option.compare - Tezos_crypto.Aggregate_signature.Public_key.compare - aso - bso) - end) - - let of_source s = - let open Lwt_result_syntax in - let*? pk_uri = make_pk_uri @@ Uri.of_string s in - return (pk_uri, None) - - let to_source (t, _) = Lwt_result_syntax.return (Uri.to_string t) - - let encoding = - let open Data_encoding in - union - [ - case - Json_only - uri_encoding - ~title:"Locator_only" - (function uri, None -> Some uri | _, Some _ -> None) - (fun uri -> (uri, None)); - case - Json_only - ~title:"Locator_and_full_key" - (obj2 - (req "locator" uri_encoding) - (req "key" Tezos_crypto.Aggregate_signature.Public_key.encoding)) - (function uri, Some key -> Some (uri, key) | _, None -> None) - (fun (uri, key) -> (uri, Some key)); - ] - end) - - type sk_uri = Uri.t - - let make_sk_uri (x : Uri.t) : sk_uri tzresult Lwt.t = - let open Lwt_result_syntax in - match Uri.scheme x with - | None -> - failwith "Error while parsing URI: AGGREGATE_SK_URI needs a scheme" - | Some _ -> return x - - module Secret_key = Client_aliases.Alias (struct - let name = "Aggregate_secret_key" - - type t = sk_uri - - include CompareUri - - let encoding = uri_encoding - - let of_source s = make_sk_uri @@ Uri.of_string s - - let to_source t = Lwt_result_syntax.return (Uri.to_string t) - end) -end - module type COMMON_SIGNER = sig val scheme : string @@ -400,22 +267,6 @@ module type COMMON_SIGNER = sig pk_uri -> (public_key_hash * public_key option) tzresult Lwt.t end -module type AGGREGATE_SIGNER = sig - include - COMMON_SIGNER - with type public_key_hash = - Tezos_crypto.Aggregate_signature.Public_key_hash.t - and type public_key = Tezos_crypto.Aggregate_signature.Public_key.t - and type secret_key = Tezos_crypto.Aggregate_signature.Secret_key.t - and type pk_uri = aggregate_pk_uri - and type sk_uri = aggregate_sk_uri - - val sign : - aggregate_sk_uri -> - Bytes.t -> - Tezos_crypto.Aggregate_signature.t tzresult Lwt.t -end - module Make_common_type (S : sig include Tezos_crypto.Intfs.COMMON_SIGNATURE @@ -437,14 +288,6 @@ struct type signature = S.t end -module Aggregate_type = Make_common_type (struct - include Tezos_crypto.Aggregate_signature - - type pk_uri = aggregate_pk_uri - - type sk_uri = aggregate_sk_uri -end) - module type Signature_S = sig include Tezos_crypto.Intfs.SIGNATURE @@ -597,19 +440,13 @@ module type SIGNER = and type secret_key = Tezos_crypto.Signature.Secret_key.t and type signature = Tezos_crypto.Signature.t -type signer = - | Simple of (module SIGNER) - | Aggregate of (module AGGREGATE_SIGNER) +type signer = (module SIGNER) let signers_table : signer String.Hashtbl.t = String.Hashtbl.create 13 let register_signer signer = let module Signer = (val signer : SIGNER) in - String.Hashtbl.replace signers_table Signer.scheme (Simple signer) - -let register_aggregate_signer signer = - let module Signer = (val signer : AGGREGATE_SIGNER) in - String.Hashtbl.replace signers_table Signer.scheme (Aggregate signer) + String.Hashtbl.replace signers_table Signer.scheme signer let registered_signers () : (string * signer) list = String.Hashtbl.fold (fun k v acc -> (k, v) :: acc) signers_table [] @@ -620,39 +457,6 @@ let find_signer_for_key ~scheme : signer tzresult = | None -> tzfail (Unregistered_key_scheme scheme) | Some signer -> return signer -let find_aggregate_signer_for_key ~scheme = - let open Result_syntax in - let* signer = find_signer_for_key ~scheme in - match signer with - | Simple _signer -> tzfail (Wrong_key_scheme ("aggregate", "standard")) - | Aggregate signer -> return signer - -let with_scheme_aggregate_signer (uri : Uri.t) - (f : (module AGGREGATE_SIGNER) -> 'a tzresult Lwt.t) : 'a tzresult Lwt.t = - let open Lwt_result_syntax in - match Uri.scheme uri with - | None -> tzfail @@ Unexisting_scheme uri - | Some scheme -> - let*? signer = find_aggregate_signer_for_key ~scheme in - f signer - -let register_aggregate_key cctxt ?(force = false) - (public_key_hash, pk_uri, sk_uri) ?public_key name = - let open Lwt_result_syntax in - let* () = - Aggregate_alias.Public_key.add ~force cctxt name (pk_uri, public_key) - in - let* () = Aggregate_alias.Secret_key.add ~force cctxt name sk_uri in - Aggregate_alias.Public_key_hash.add ~force cctxt name public_key_hash - -let aggregate_neuterize (sk_uri : sk_uri) : pk_uri tzresult Lwt.t = - with_scheme_aggregate_signer sk_uri (fun (module Signer : AGGREGATE_SIGNER) -> - Signer.neuterize sk_uri) - -let aggregate_public_key pk_uri = - with_scheme_aggregate_signer pk_uri (fun (module Signer : AGGREGATE_SIGNER) -> - Signer.public_key pk_uri) - (* This function is used to chose between two aliases associated to the same key hash; if we know the secret key for one of them we take it, otherwise if we know the public key for one of them @@ -663,108 +467,6 @@ let join_keys keys1_opt keys2 = | Some (_, _, Some _), _ -> keys1_opt | _ -> Some keys2 -(* For efficiency, this function avoids loading the wallet, except for - the call to [Public_key.update]. Indeed the arguments [pkhs], - [pks], [sks] represent the already loaded list of public key - hashes, public keys, and secret keys. *) -let raw_get_aggregate_key_aux (cctxt : #Client_context.wallet) pkhs pks sks pkh - = - let open Lwt_result_syntax in - let rev_find_all list pkh = - List.filter_map - (fun (name, pkh') -> - if Tezos_crypto.Aggregate_signature.Public_key_hash.equal pkh pkh' then - Some name - else None) - list - in - let names = rev_find_all pkhs pkh in - let* o = - List.fold_left_es - (fun keys_opt name -> - let sk_uri_opt = List.assoc ~equal:String.equal name sks in - let* pk_opt = - match List.assoc ~equal:String.equal name pks with - | None -> return_none - | Some (_, Some pk) -> return_some pk - | Some (pk_uri, None) -> - let* pk = aggregate_public_key pk_uri in - let* () = - Aggregate_alias.Public_key.update cctxt name (pk_uri, Some pk) - in - return_some pk - in - return @@ join_keys keys_opt (name, pk_opt, sk_uri_opt)) - None - names - in - match o with - | None -> - failwith - "no keys for the source contract %a" - Tezos_crypto.Aggregate_signature.Public_key_hash.pp - pkh - | Some keys -> return keys - -let raw_get_aggregate_key (cctxt : #Client_context.wallet) pkh = - let open Lwt_result_syntax in - let* pkhs = Aggregate_alias.Public_key_hash.load cctxt in - let* pks = Aggregate_alias.Public_key.load cctxt in - let* sks = Aggregate_alias.Secret_key.load cctxt in - raw_get_aggregate_key_aux cctxt pkhs pks sks pkh - -let list_aggregate_keys cctxt = - let open Lwt_result_syntax in - let* pkhs = Aggregate_alias.Public_key_hash.load cctxt in - let* pks = Aggregate_alias.Public_key.load cctxt in - let* sks = Aggregate_alias.Secret_key.load cctxt in - List.map_es - (fun (name, pkh) -> - let*! r = raw_get_aggregate_key_aux cctxt pkhs pks sks pkh in - match r with - | Ok (_name, pk, sk_uri) -> return (name, pkh, pk, sk_uri) - | Error _ -> return (name, pkh, None, None)) - pkhs - -let import_aggregate_secret_key ~io pk_uri = - with_scheme_aggregate_signer pk_uri (fun (module Signer : AGGREGATE_SIGNER) -> - Signer.import_secret_key ~io pk_uri) - -let alias_aggregate_keys cctxt name = - let open Lwt_result_syntax in - let* pkh = Aggregate_alias.Public_key_hash.find cctxt name in - let*! r = raw_get_aggregate_key cctxt pkh in - match r with - | Ok (_name, pk, sk_uri) -> return_some (pkh, pk, sk_uri) - | Error _ -> return_none - -let aggregate_sign cctxt sk_uri buf = - let open Lwt_result_syntax in - with_scheme_aggregate_signer sk_uri (fun (module Signer : AGGREGATE_SIGNER) -> - let* signature = Signer.sign sk_uri buf in - let* pk_uri = Signer.neuterize sk_uri in - let* pubkey = - let* o = Aggregate_alias.Secret_key.rev_find cctxt sk_uri in - match o with - | None -> aggregate_public_key pk_uri - | Some name -> ( - let* r = Aggregate_alias.Public_key.find cctxt name in - match r with - | _, None -> - let* pk = aggregate_public_key pk_uri in - let* () = - Aggregate_alias.Public_key.update cctxt name (pk_uri, Some pk) - in - return pk - | _, Some pubkey -> return pubkey) - in - let* () = - fail_unless - (Tezos_crypto.Aggregate_signature.check pubkey signature buf) - (Signature_mismatch sk_uri) - in - return signature) - module Make (Signature : Signature_S) : S with type public_key_hash := Signature.Public_key_hash.t @@ -926,9 +628,7 @@ module Make (Signature : Signature_S) : let find_simple_signer_for_key ~scheme = let open Result_syntax in let* signer = find_signer_for_key ~scheme in - match signer with - | Simple signer -> return (adapt_signer signer) - | Aggregate _signer -> tzfail (Wrong_key_scheme ("simple", "aggregate")) + match signer with signer -> return (adapt_signer signer) let with_scheme_simple_signer (uri : Uri.t) (f : (module V_SIGNER) -> 'a tzresult Lwt.t) : 'a tzresult Lwt.t = @@ -999,11 +699,8 @@ module Make (Signature : Signature_S) : Signer.deterministic_nonce_hash sk_uri data) let supports_deterministic_nonces sk_uri = - let open Lwt_result_syntax in - with_scheme_signer sk_uri (function - | Simple (module Signer : SIGNER) -> - Signer.supports_deterministic_nonces sk_uri - | Aggregate _ -> return_false) + with_scheme_signer sk_uri (function (module Signer : SIGNER) -> + Signer.supports_deterministic_nonces sk_uri) let register_key cctxt ?(force = false) (public_key_hash, pk_uri, sk_uri) ?public_key name = diff --git a/src/lib_client_base/client_keys.mli b/src/lib_client_base/client_keys.mli index c007eea8df1e..f16b65f46308 100644 --- a/src/lib_client_base/client_keys.mli +++ b/src/lib_client_base/client_keys.mli @@ -33,10 +33,6 @@ type sk_uri = private Uri.t type sapling_uri = private Uri.t -type aggregate_pk_uri = private Uri.t - -type aggregate_sk_uri = private Uri.t - val pk_uri_parameter : unit -> (pk_uri, 'a) Tezos_clic.parameter val pk_uri_param : @@ -53,15 +49,6 @@ val sk_uri_param : ('a, 'b) Tezos_clic.params -> (sk_uri -> 'a, 'b) Tezos_clic.params -val aggregate_sk_uri_parameter : - unit -> (aggregate_sk_uri, 'a) Tezos_clic.parameter - -val aggregate_sk_uri_param : - ?name:string -> - ?desc:string -> - ('a, 'b) Tezos_clic.params -> - (aggregate_sk_uri -> 'a, 'b) Tezos_clic.params - type error += Unregistered_key_scheme of string type error += Invalid_uri of Uri.t @@ -76,43 +63,6 @@ type sapling_key = { module Sapling_key : Client_aliases.Alias with type t = sapling_key -(** [Aggregate_alias] contains the implementation needed for the wallet to have - the correspondence between aliases and keys. It has three sub-module - [Public_key] [Public_key_hash] [Secret_key]. The reason of a sub-module - inside a sub-module is not confuse them with the alias module for the - standard signature (i.e. [Public_key], [Public_key_hash], and [Secret_key]). - - On possible refactor would be to move the alias definition in - [Tezos_crypto.Aggregate_signature] (resp. [Tezos_crypto.Signature]). - - See [Client_aliases] for more information about Aliases.*) -module Aggregate_alias : sig - module Public_key_hash : - Client_aliases.Alias - with type t = Tezos_crypto.Aggregate_signature.Public_key_hash.t - - module Public_key : - Client_aliases.Alias - with type t = - aggregate_pk_uri * Tezos_crypto.Aggregate_signature.Public_key.t option - - module Secret_key : Client_aliases.Alias with type t = aggregate_sk_uri -end - -module Aggregate_type : sig - type public_key_hash = Tezos_crypto.Aggregate_signature.Public_key_hash.t - - type public_key = Tezos_crypto.Aggregate_signature.Public_key.t - - type secret_key = Tezos_crypto.Aggregate_signature.Secret_key.t - - type signature = Tezos_crypto.Aggregate_signature.t - - type pk_uri = aggregate_pk_uri - - type sk_uri = aggregate_sk_uri -end - module Logging : sig val tag : string Tag.def end @@ -168,22 +118,6 @@ module type COMMON_SIGNER = sig pk_uri -> (public_key_hash * public_key option) tzresult Lwt.t end -module type AGGREGATE_SIGNER = sig - include - COMMON_SIGNER - with type public_key_hash = - Tezos_crypto.Aggregate_signature.Public_key_hash.t - and type public_key = Tezos_crypto.Aggregate_signature.Public_key.t - and type secret_key = Tezos_crypto.Aggregate_signature.Secret_key.t - and type pk_uri = aggregate_pk_uri - and type sk_uri = aggregate_sk_uri - - val sign : - aggregate_sk_uri -> - Bytes.t -> - Tezos_crypto.Aggregate_signature.t tzresult Lwt.t -end - module type SIGNER = sig include COMMON_SIGNER @@ -215,9 +149,7 @@ module type SIGNER = sig val supports_deterministic_nonces : sk_uri -> bool tzresult Lwt.t end -type signer = - | Simple of (module SIGNER) - | Aggregate of (module AGGREGATE_SIGNER) +type signer = (module SIGNER) (** [register_signer signer] registers first-class module [signer] as signer for keys with scheme [(val signer : SIGNER).scheme]. *) @@ -225,56 +157,6 @@ val register_signer : (module SIGNER) -> unit val registered_signers : unit -> (string * signer) list -(** [register_aggregate_signer signer] registers first-class module [signer] as - signer for keys with scheme [(val signer : AGGREGATE_SIGNER).scheme]. *) -val register_aggregate_signer : (module AGGREGATE_SIGNER) -> unit - -val aggregate_neuterize : aggregate_sk_uri -> aggregate_pk_uri tzresult Lwt.t - -val register_aggregate_key : - #Client_context.wallet -> - ?force:bool -> - Tezos_crypto.Aggregate_signature.Public_key_hash.t - * aggregate_pk_uri - * aggregate_sk_uri -> - ?public_key:Tezos_crypto.Aggregate_signature.Public_key.t -> - string -> - unit tzresult Lwt.t - -val list_aggregate_keys : - #Client_context.wallet -> - (string - * Tezos_crypto.Aggregate_signature.Public_key_hash.t - * Tezos_crypto.Aggregate_signature.Public_key.t option - * aggregate_sk_uri option) - list - tzresult - Lwt.t - -val import_aggregate_secret_key : - io:Client_context.io_wallet -> - aggregate_pk_uri -> - (Tezos_crypto.Aggregate_signature.Public_key_hash.t - * Tezos_crypto.Aggregate_signature.Public_key.t option) - tzresult - Lwt.t - -val alias_aggregate_keys : - #Client_context.wallet -> - string -> - (Tezos_crypto.Aggregate_signature.Public_key_hash.t - * Tezos_crypto.Aggregate_signature.Public_key.t option - * aggregate_sk_uri option) - option - tzresult - Lwt.t - -val aggregate_sign : - #Client_context.wallet -> - aggregate_sk_uri -> - Bytes.t -> - Tezos_crypto.Aggregate_signature.t tzresult Lwt.t - module type S = sig type public_key_hash @@ -427,10 +309,6 @@ val make_pk_uri : Uri.t -> pk_uri tzresult val make_sk_uri : Uri.t -> sk_uri tzresult -val make_aggregate_pk_uri : Uri.t -> aggregate_pk_uri tzresult - -val make_aggregate_sk_uri : Uri.t -> aggregate_sk_uri tzresult - val make_sapling_uri : Uri.t -> sapling_uri tzresult (** Mnemonic of 24 common english words from which a key can be derived. diff --git a/src/lib_client_base_unix/client_main_run.ml b/src/lib_client_base_unix/client_main_run.ml index 2a1b346198ab..0f00e56ffc42 100644 --- a/src/lib_client_base_unix/client_main_run.ml +++ b/src/lib_client_base_unix/client_main_run.ml @@ -123,13 +123,7 @@ let register_default_signer ?other_registrations ?logger (module Tezos_signer_backends.Encrypted.Make (struct let cctxt = cctxt end)) ; - Client_keys.register_aggregate_signer - (module Tezos_signer_backends.Encrypted.Make_aggregate (struct - let cctxt = cctxt - end)) ; Client_keys.register_signer (module Tezos_signer_backends.Unencrypted) ; - Client_keys.register_aggregate_signer - (module Tezos_signer_backends.Unencrypted.Aggregate) ; Client_keys.register_signer (module Tezos_signer_backends_unix.Ledger.Signer_implementation) ; Client_keys.register_signer (module Socket.Unix) ; diff --git a/src/lib_client_commands/client_keys_commands.ml b/src/lib_client_commands/client_keys_commands.ml index 8d7e1b9d25af..8ccfb8fd88ba 100644 --- a/src/lib_client_commands/client_keys_commands.ml +++ b/src/lib_client_commands/client_keys_commands.ml @@ -376,118 +376,6 @@ let generate_test_keys = let*! () = cctxt#message "%a@." Data_encoding.Json.pp json in return_unit) -let aggregate_fail_if_already_registered cctxt force pk_uri name = - let open Lwt_result_syntax in - let* pk_opt = Aggregate_alias.Public_key.find_opt cctxt name in - match pk_opt with - | None -> return_unit - | Some (pk_uri_found, _) -> - fail_unless - (pk_uri = pk_uri_found || force) - (error_of_fmt - "public and secret keys '%s' don't correspond, please don't use \ - --force" - name) - -module Bls_commands = struct - open Lwt_result_syntax - - let generate_keys ~force ~encrypted name (cctxt : #Client_context.io_wallet) = - let* name = Aggregate_alias.Secret_key.of_fresh cctxt force name in - let mnemonic = Mnemonic.new_random in - let*! () = - cctxt#message - "It is important to save this mnemonic in a secure place:@\n\ - @\n\ - %a@\n\ - @\n\ - The mnemonic can be used to recover your spending key.@." - Mnemonic.words_pp - (Bip39.to_words mnemonic) - in - let seed = Mnemonic.to_32_bytes mnemonic in - let pkh, pk, sk = Tezos_crypto.Aggregate_signature.generate_key ~seed () in - let*? pk_uri = Tezos_signer_backends.Unencrypted.Aggregate.make_pk pk in - let* sk_uri = - if encrypted then - Tezos_signer_backends.Encrypted.prompt_twice_and_encrypt_aggregate - cctxt - sk - else Tezos_signer_backends.Unencrypted.Aggregate.make_sk sk |> Lwt.return - in - register_aggregate_key - cctxt - ~force - (pkh, pk_uri, sk_uri) - ~public_key:pk - name - - let list_keys (cctxt : #Client_context.io_wallet) = - let* aggregate_keys_list = list_aggregate_keys cctxt in - List.iter_es - (fun (name, pkh, pk, sk) -> - let* pkh_str = Aggregate_alias.Public_key_hash.to_source pkh in - let*! () = - match (pk, sk) with - | None, None -> cctxt#message "%s: %s" name pkh_str - | _, Some uri -> - let scheme = - Option.value ~default:"aggregate_unencrypted" - @@ Uri.scheme (uri : aggregate_sk_uri :> Uri.t) - in - cctxt#message "%s: %s (%s sk known)" name pkh_str scheme - | Some _, _ -> cctxt#message "%s: %s (pk known)" name pkh_str - in - return_unit) - aggregate_keys_list - - let show_address ~show_private name (cctxt : #Client_context.io_wallet) = - let* keys_opt = alias_aggregate_keys cctxt name in - match keys_opt with - | None -> - let*! () = cctxt#error "No keys found for address" in - return_unit - | Some (pkh, pk, skloc) -> ( - let*! () = - cctxt#message - "Hash: %a" - Tezos_crypto.Aggregate_signature.Public_key_hash.pp - pkh - in - match pk with - | None -> return_unit - | Some pk -> - let*! () = - cctxt#message - "Public Key: %a" - Tezos_crypto.Aggregate_signature.Public_key.pp - pk - in - if show_private then - Option.iter_es - (fun skloc -> - let* skloc = Aggregate_alias.Secret_key.to_source skloc in - let*! () = cctxt#message "Secret Key: %s" skloc in - return_unit) - skloc - else return_unit) - - let import_secret_key ~force name sk_uri (cctxt : #Client_context.io_wallet) = - let* name = Aggregate_alias.Secret_key.of_fresh cctxt false name in - let* pk_uri = aggregate_neuterize sk_uri in - let* () = aggregate_fail_if_already_registered cctxt force pk_uri name in - let* pkh, public_key = - import_aggregate_secret_key ~io:(cctxt :> Client_context.io_wallet) pk_uri - in - let*! () = - cctxt#message - "Bls address added: %a" - Tezos_crypto.Aggregate_signature.Public_key_hash.pp - pkh - in - register_aggregate_key cctxt (pkh, pk_uri, sk_uri) ?public_key name -end - let commands network : Client_context.full Tezos_clic.command list = let open Lwt_result_syntax in let open Tezos_clic in @@ -527,19 +415,12 @@ let commands network : Client_context.full Tezos_clic.command list = List.iter_s (fun (n, signer) -> match signer with - | Simple (module S : SIGNER) -> + | (module S : SIGNER) -> cctxt#message "@[Scheme `%s`: %s@,@[%a@]@]" n S.title Format.pp_print_text - S.description - | Aggregate (module S : AGGREGATE_SIGNER) -> - cctxt#message - "@[Aggregate scheme `%s`: %s@,@[%a@]@]" - n - S.title - Format.pp_print_text S.description) signers in @@ -957,50 +838,4 @@ let commands network : Client_context.full Tezos_clic.command list = pkh in return_unit); - (let desc = "Generate a pair of BLS keys." in - let force_switch = Aggregate_alias.Secret_key.force_switch in - let cmd = - prefixes ["bls"; "gen"; "keys"] - @@ Aggregate_alias.Secret_key.fresh_alias_param @@ stop - in - match network with - | Some `Mainnet -> - command - ~group - ~desc - (args1 (force_switch ())) - cmd - (fun force name (cctxt : #Client_context.full) -> - Bls_commands.generate_keys ~force ~encrypted:true name cctxt) - | Some `Testnet | None -> - command - ~group - ~desc - (args2 (force_switch ()) (encrypted_switch ())) - cmd - (fun (force, encrypted) name (cctxt : #Client_context.full) -> - Bls_commands.generate_keys ~force ~encrypted name cctxt)); - command - ~group - ~desc:"List BlS keys." - no_options - (prefixes ["bls"; "list"; "keys"] @@ stop) - (fun () cctxt -> Bls_commands.list_keys cctxt); - command - ~group - ~desc:"Show the keys associated with an rollup account." - (args1 show_private_switch) - (prefixes ["bls"; "show"; "address"] - @@ Aggregate_alias.Public_key_hash.alias_param @@ stop) - (fun show_private (name, _pkh) (cctxt : #Client_context.full) -> - Bls_commands.show_address ~show_private name cctxt); - command - ~group - ~desc:"Add a secret key to the wallet." - (args1 (Aggregate_alias.Secret_key.force_switch ())) - (prefixes ["bls"; "import"; "secret"; "key"] - @@ Aggregate_alias.Secret_key.fresh_alias_param - @@ aggregate_sk_uri_param @@ stop) - (fun force name sk_uri cctxt -> - Bls_commands.import_secret_key ~force name sk_uri cctxt); ] diff --git a/src/lib_client_commands/client_keys_commands.mli b/src/lib_client_commands/client_keys_commands.mli index 2988ff528f47..c8ed9cd33346 100644 --- a/src/lib_client_commands/client_keys_commands.mli +++ b/src/lib_client_commands/client_keys_commands.mli @@ -23,40 +23,5 @@ (* *) (*****************************************************************************) -(** BLS commands are used by rollup clients to handle their keys directly. *) -module Bls_commands : sig - (** [generate_keys ~force ~encrypted alias cctxt] generates a BLS - based pair of keys with a fresh mnemonic with [alias] as - alias. If [force] is [true], it will replace the alias if it - already exists. If [encrypted] is [true], then it will ask for a - passphrase, and encrypt the generated key. *) - val generate_keys : - force:bool -> - encrypted:bool -> - Client_keys.Aggregate_alias.Secret_key.fresh_param -> - #Client_context.io_wallet -> - unit tzresult Lwt.t - - (** [list_keys cctxt] lists the BLS keys known by the wallet. *) - val list_keys : #Client_context.io_wallet -> unit tzresult Lwt.t - - (** [show_address ~show_private alias] shows the address corresponding to given [alias]. *) - val show_address : - show_private:bool -> - string -> - #Client_context.io_wallet -> - unit tzresult Lwt.t - - (** [import_secret_key ~force alias uri cctxt] imports a secret key from [uri] - as [alias] in the wallet. If [force] is [true], it will replace the alias - if it already exists. *) - val import_secret_key : - force:bool -> - Client_keys.Aggregate_alias.Secret_key.fresh_param -> - Client_keys.aggregate_sk_uri -> - #Client_context.io_wallet -> - unit tzresult Lwt.t -end - val commands : [`Mainnet | `Testnet] option -> Client_context.full Tezos_clic.command list diff --git a/src/lib_dac_node/event.ml b/src/lib_dac_node/event.ml index e63c567f569d..e45cc945a27e 100644 --- a/src/lib_dac_node/event.ml +++ b/src/lib_dac_node/event.ml @@ -178,7 +178,7 @@ let committee_member_cannot_sign = wallet, but its secret key URI is not available. This account won't be \ used for signing DAC root hash pages." ~level:Warning - ("tz4_account", Tezos_crypto.Aggregate_signature.Public_key_hash.encoding) + ("tz4_account", Tezos_crypto.Signature.Public_key_hash.encoding) let commit_member_no_public_key = declare_1 @@ -189,7 +189,7 @@ let commit_member_no_public_key = client wallet, but its public key is not available. Signatures from \ this account cannot be verified and will be ignored." ~level:Warning - ("tz4_account", Tezos_crypto.Aggregate_signature.Public_key_hash.encoding) + ("tz4_account", Tezos_crypto.Signature.Public_key_hash.encoding) let handle_new_subscription_to_hash_streamer = declare_0 diff --git a/src/lib_dac_node/handler.ml b/src/lib_dac_node/handler.ml index cae8902a4d01..780df79b0e2b 100644 --- a/src/lib_dac_node/handler.ml +++ b/src/lib_dac_node/handler.ml @@ -95,7 +95,7 @@ let infinite_daemon_max_delay = 128. - [connect] is a streamed daemon constructor. - [~on_disconnect] is used to emit event when the daemon disconnects. - [~on_failed_connection] is used to emit event when unable to re-establish - connection. + connection. TODO: https://gitlab.com/tezos/tezos/-/issues/5931 We would want an upper bound in [max_retries] for this function. @@ -192,6 +192,13 @@ let new_head ctxt = {li Send the signature back to the [Coordinaotor].} } *) module Committee_member = struct + let from_signature = function + | (Bls sig_ : Tezos_crypto.Signature.signature) -> + Result_syntax.return @@ Tezos_crypto.Aggregate_signature.Bls12_381 sig_ + | _ -> + Result_syntax.tzfail + (error_of_fmt "invalid signature. Signature is not of Bls.") + let push_payload_signature coordinator_cctxt wallet_cctxt committee_member root_hash = let open Lwt_result_syntax in @@ -201,11 +208,12 @@ module Committee_member = struct let secret_key_uri = committee_member.secret_key_uri in let bytes_to_sign = Dac_plugin.hash_to_bytes root_hash in let* signature = - Tezos_client_base.Client_keys.aggregate_sign + Tezos_client_base.Client_keys.sign wallet_cctxt secret_key_uri bytes_to_sign in + let*? signature = from_signature signature in let signature_repr = Signature_repr.make (Dac_plugin.hash_to_raw root_hash) diff --git a/src/lib_dac_node/node_context.mli b/src/lib_dac_node/node_context.mli index 5795c11c03e0..de9ec23bfbea 100644 --- a/src/lib_dac_node/node_context.mli +++ b/src/lib_dac_node/node_context.mli @@ -71,7 +71,7 @@ module Committee_member : sig (** [secret_key_uri t] returns the secret key URI associated with the committee member managed by the [Committee_member] node. *) - val secret_key_uri : t -> Client_keys.aggregate_sk_uri + val secret_key_uri : t -> Client_keys.sk_uri end (** The type of an [Observer] specific partial [Node_context.t]. *) diff --git a/src/lib_dac_node/wallet_account.ml b/src/lib_dac_node/wallet_account.ml index d7961dbe229a..b2c9bda9115a 100644 --- a/src/lib_dac_node/wallet_account.ml +++ b/src/lib_dac_node/wallet_account.ml @@ -63,7 +63,7 @@ module Committee_member = struct type t = { public_key_hash : Aggregate_signature.public_key_hash; - secret_key_uri : Client_keys.aggregate_sk_uri; + secret_key_uri : Client_keys.sk_uri; } let of_committee_member_address pkh cctxt = diff --git a/src/lib_dac_node/wallet_account.mli b/src/lib_dac_node/wallet_account.mli index f1daa25b3862..7a86f08e4d1d 100644 --- a/src/lib_dac_node/wallet_account.mli +++ b/src/lib_dac_node/wallet_account.mli @@ -52,7 +52,7 @@ module Committee_member : sig committee members. *) type t = { public_key_hash : Tezos_crypto.Aggregate_signature.public_key_hash; - secret_key_uri : Client_keys.aggregate_sk_uri; + secret_key_uri : Client_keys.sk_uri; } (** [of_committee_member_address pkh wallet_cctxt] constructs a value of diff --git a/src/lib_dac_node/wallet_cctxt_helpers.ml b/src/lib_dac_node/wallet_cctxt_helpers.ml index 42a2ee4accd8..1aae10e9d582 100644 --- a/src/lib_dac_node/wallet_cctxt_helpers.ml +++ b/src/lib_dac_node/wallet_cctxt_helpers.ml @@ -23,21 +23,28 @@ (* *) (*****************************************************************************) -module Aggregate_signature = Tezos_crypto.Aggregate_signature - -let get_keys cctxt pkh = +let get_keys cctxt (pkh : Tezos_crypto.Aggregate_signature.public_key_hash) = let open Lwt_result_syntax in let open Tezos_client_base.Client_keys in - let* alias = Aggregate_alias.Public_key_hash.rev_find cctxt pkh in + let (Bls12_381 bls_pkh) = pkh in + let simple_pkh : Tezos_crypto.Signature.public_key_hash = + Signature.Bls bls_pkh + in + let* alias = Public_key_hash.rev_find cctxt simple_pkh in match alias with | None -> return (pkh, None, None) | Some alias -> ( - let* keys_opt = alias_aggregate_keys cctxt alias in + let* keys_opt = alias_keys cctxt alias in match keys_opt with - | None -> + | Some (_pkh, Some (Bls pk), sk_uri_opt) -> + let (aggregate_pk : Tezos_crypto.Aggregate_signature.public_key) = + Tezos_crypto.Aggregate_signature.Bls12_381 pk + in + return (pkh, Some aggregate_pk, sk_uri_opt) + | _ -> + (* none or not bls key *) let*! () = Event.(emit committee_member_not_in_wallet pkh) in - return (pkh, None, None) - | Some (pkh, pk_opt, sk_uri_opt) -> return (pkh, pk_opt, sk_uri_opt)) + return (pkh, None, None)) let get_public_key cctxt address = let open Lwt_result_syntax in diff --git a/src/lib_dac_node/wallet_cctxt_helpers.mli b/src/lib_dac_node/wallet_cctxt_helpers.mli index a93ae10575b7..9688fad4b963 100644 --- a/src/lib_dac_node/wallet_cctxt_helpers.mli +++ b/src/lib_dac_node/wallet_cctxt_helpers.mli @@ -32,7 +32,7 @@ val get_keys : Tezos_crypto.Aggregate_signature.public_key_hash -> (Tezos_crypto.Aggregate_signature.public_key_hash * Tezos_crypto.Aggregate_signature.public_key option - * Client_keys.aggregate_sk_uri option) + * Client_keys.sk_uri option) tzresult Lwt.t @@ -49,7 +49,7 @@ val get_public_key : val can_verify : Tezos_crypto.Aggregate_signature.public_key_hash * Tezos_crypto.Aggregate_signature.public_key option - * Client_keys.aggregate_sk_uri option -> + * Client_keys.sk_uri option -> bool (** [can_sign (pkh, pk_opt, sk_uri_opt)] checks whether the secret key URI @@ -57,5 +57,5 @@ val can_verify : val can_sign : Tezos_crypto.Aggregate_signature.public_key_hash * Tezos_crypto.Aggregate_signature.public_key option tzresult - * Client_keys.aggregate_sk_uri option -> + * Client_keys.sk_uri option -> bool diff --git a/src/lib_octogram/tezos.ml b/src/lib_octogram/tezos.ml index 397c6133bea3..ed6d2023197b 100644 --- a/src/lib_octogram/tezos.ml +++ b/src/lib_octogram/tezos.ml @@ -2270,8 +2270,8 @@ module Start_dac_node = struct let* committee_members = Lwt_list.map_p (fun name -> - let* account = Client.bls_show_address client ~alias:name in - return account.aggregate_public_key) + let* account = Client.show_address client ~alias:name in + return account.public_key) committee_members_aliases in let dac_node = @@ -2291,7 +2291,7 @@ module Start_dac_node = struct state ; return dac_node | Member {alias; coordinator} -> - let* member_account = Client.bls_show_address client ~alias in + let* member_account = Client.show_address client ~alias in let coordinator_rpc_host, coordinator_rpc_port = dac_rpc_info state `Coordinator coordinator in @@ -2303,7 +2303,7 @@ module Start_dac_node = struct ?name:args.name ~client ~endpoint - ~address:member_account.aggregate_public_key_hash + ~address:member_account.public_key_hash ~coordinator_rpc_host ~coordinator_rpc_port () diff --git a/src/lib_signer_backends/encrypted.ml b/src/lib_signer_backends/encrypted.ml index 00ddea790e82..7f96b40d996d 100644 --- a/src/lib_signer_backends/encrypted.ml +++ b/src/lib_signer_backends/encrypted.ml @@ -42,8 +42,6 @@ open Client_keys let scheme = "encrypted" -let aggregate_scheme = "aggregate_encrypted" - module Raw = struct (* https://tools.ietf.org/html/rfc2898#section-4.1 *) let salt_len = 8 @@ -313,34 +311,11 @@ let internal_decrypt_simple (cctxt : #Client_context.prompter) ?name sk_uri = let* decrypted_sk = decrypt_payload cctxt ?name payload in match decrypted_sk with Decrypted_sk sk -> return sk -let internal_decrypt_aggregate (cctxt : #Client_context.prompter) ?name - aggregate_sk_uri = - let open Lwt_result_syntax in - let payload = Uri.path (aggregate_sk_uri : aggregate_sk_uri :> Uri.t) in - let* decrypted_sk = decrypt_payload cctxt ?name payload in - match decrypted_sk with - | Decrypted_sk (Bls sk) -> - return - (Tezos_crypto.Aggregate_signature.(Bls12_381 sk) - : Tezos_crypto.Aggregate_signature.secret_key) - | _ -> - failwith - "Found a non-aggregate secret key where an aggregate one was expected." - let decrypt (cctxt : #Client_context.prompter) ?name sk_uri = let open Lwt_result_syntax in let* () = password_file_load cctxt in internal_decrypt_simple (cctxt : #Client_context.prompter) ?name sk_uri -let decrypt_aggregate (cctxt : #Client_context.prompter) ?name aggregate_sk_uri - = - let open Lwt_result_syntax in - let* () = password_file_load cctxt in - internal_decrypt_aggregate - (cctxt : #Client_context.prompter) - ?name - aggregate_sk_uri - let decrypt_all (cctxt : #Client_context.io_wallet) = let open Lwt_result_syntax in let* sks = Secret_key.load cctxt in @@ -396,30 +371,13 @@ let internal_encrypt_simple sk password = let*? v = Client_keys.make_sk_uri (Uri.make ~scheme ~path ()) in return v -let internal_encrypt_aggregate sk password = - let open Lwt_result_syntax in - let path = common_encrypt sk password in - let*? v = - Client_keys.make_aggregate_sk_uri - (Uri.make ~scheme:aggregate_scheme ~path ()) - in - return v - let encrypt sk password = internal_encrypt_simple (Decrypted_sk sk) password -let encrypt_aggregate (Bls12_381 sk : Aggregate_type.secret_key) password = - internal_encrypt_aggregate (Decrypted_sk (Bls sk)) password - let prompt_twice_and_encrypt cctxt sk = let open Lwt_result_syntax in let* password = read_password cctxt in encrypt sk password -let prompt_twice_and_encrypt_aggregate cctxt sk = - let open Lwt_result_syntax in - let* password = read_password cctxt in - encrypt_aggregate sk password - module Sapling_raw = struct let salt_len = 8 @@ -553,44 +511,3 @@ struct let supports_deterministic_nonces _ = Lwt_result_syntax.return_true end - -module Make_aggregate (C : sig - val cctxt : Client_context.io_wallet -end) = -struct - let scheme = "aggregate_encrypted" - - let title = "Built-in signer using encrypted aggregate keys." - - let description = - "Valid aggregate secret key URIs are of the form\n\ - \ - aggregate_encrypted:\n\ - where is the encrypted (password protected using Nacl's \ - cryptobox and pbkdf) secret key, formatted in unprefixed \ - Tezos_crypto.Base58.\n\ - Valid aggregate public key URIs are of the form\n\ - \ - aggregate_encrypted:\n\ - where is the public key in Tezos_crypto.Base58." - - include Client_keys.Aggregate_type - - let public_key = Unencrypted.Aggregate.public_key - - let public_key_hash = Unencrypted.Aggregate.public_key_hash - - let import_secret_key = Unencrypted.Aggregate.import_secret_key - - let neuterize sk_uri = - let open Lwt_result_syntax in - let* sk = decrypt_aggregate C.cctxt sk_uri in - let*? v = - Unencrypted.Aggregate.make_pk - (Tezos_crypto.Aggregate_signature.Secret_key.to_public_key sk) - in - return v - - let sign sk_uri buf = - let open Lwt_result_syntax in - let* sk = decrypt_aggregate C.cctxt sk_uri in - return (Tezos_crypto.Aggregate_signature.sign sk buf) -end diff --git a/src/lib_signer_backends/encrypted.mli b/src/lib_signer_backends/encrypted.mli index 2be1ae1a2943..02b41007168d 100644 --- a/src/lib_signer_backends/encrypted.mli +++ b/src/lib_signer_backends/encrypted.mli @@ -27,22 +27,12 @@ module Make (C : sig val cctxt : Client_context.io_wallet end) : Client_keys.SIGNER -module Make_aggregate (C : sig - val cctxt : Client_context.io_wallet -end) : Client_keys.AGGREGATE_SIGNER - val decrypt : #Client_context.io_wallet -> ?name:string -> Client_keys.sk_uri -> Tezos_crypto.Signature.secret_key tzresult Lwt.t -val decrypt_aggregate : - #Client_context.io_wallet -> - ?name:string -> - Client_keys.aggregate_sk_uri -> - Tezos_crypto.Aggregate_signature.secret_key tzresult Lwt.t - val decrypt_all : #Client_context.io_wallet -> unit tzresult Lwt.t val decrypt_list : @@ -61,14 +51,6 @@ val prompt_twice_and_encrypt : Tezos_crypto.Signature.secret_key -> Client_keys.sk_uri tzresult Lwt.t -(** [prompt_twice_and_encrypt_aggregate cctxt sk] Prompts password twice to user - for confirmation and returns the corresponding encrypted aggregate secret - key *) -val prompt_twice_and_encrypt_aggregate : - #Client_context.io -> - Tezos_crypto.Aggregate_signature.secret_key -> - Client_keys.aggregate_sk_uri tzresult Lwt.t - val encrypt_sapling_key : #Client_context.io -> Tezos_sapling.Core.Wallet.Spending_key.t -> diff --git a/src/lib_signer_backends/test/test_encrypted.ml b/src/lib_signer_backends/test/test_encrypted.ml index fa04352eaf5c..5bcab54f342a 100644 --- a/src/lib_signer_backends/test/test_encrypted.ml +++ b/src/lib_signer_backends/test/test_encrypted.ml @@ -113,11 +113,6 @@ let make_sk_uris = List.map_e (fun path -> Client_keys.make_sk_uri (Uri.make ~scheme:"encrypted" ~path ())) -let make_aggregate_sk_uris = - List.map_e (fun path -> - Client_keys.make_aggregate_sk_uri - (Uri.make ~scheme:"aggregate_encrypted" ~path ())) - let ed25519_sks = [ "edsk3kMNLNdzLPbbABASDLARft8JRZ3Wpwibn8SMAb4KmuWSMJmAFd"; @@ -171,7 +166,7 @@ let bls12_381_sks = ] let bls12_381_sks_encrypted = - make_aggregate_sk_uris + make_sk_uris [ "BLesk1ExnCaFxVcGFvKFQrPs2AADo2KpukB6bhA8SLASRzZ58uqvSNUNyzdNdya5NPgE1BAFwcN3wtyFv76r1GJ9"; "BLesk1c92TTyYAbkt5Aa2g2puGZHy1M9hQVX7um7PYpxfsjbaaiYsqR2ahArH53WGSvbvzUBizgPipMyfmh8bCs5"; @@ -183,11 +178,6 @@ let sk_testable = Tezos_crypto.Signature.Secret_key.pp Tezos_crypto.Signature.Secret_key.equal -let aggregate_sk_testable = - Alcotest.testable - Tezos_crypto.Aggregate_signature.Secret_key.pp - Tezos_crypto.Aggregate_signature.Secret_key.equal - let test_vectors () = let open Encrypted in List.iter_es @@ -205,24 +195,9 @@ let test_vectors () = (ed25519_sks, ed25519_sks_encrypted); (secp256k1_sks, secp256k1_sks_encrypted); (p256_sks, p256_sks_encrypted); + (bls12_381_sks, bls12_381_sks_encrypted); ] -let test_vectors_aggregate () = - let open Encrypted in - List.iter_es - (fun (sks, encrypted_sks) -> - let open Lwt_result_syntax in - let ctx = fake_ctx () in - let sks = - List.map Tezos_crypto.Aggregate_signature.Secret_key.of_b58check_exn sks - in - let*? l = encrypted_sks in - let* decs = List.map_es (decrypt_aggregate ctx) l in - assert ( - List.equal Tezos_crypto.Aggregate_signature.Secret_key.equal decs sks) ; - return_unit) - [(bls12_381_sks, bls12_381_sks_encrypted)] - let test_random algo = let open Encrypted in let ctx = fake_ctx () in @@ -241,31 +216,7 @@ let test_random algo = in inner 0 -let test_random_aggregate () = - let open Encrypted in - let ctx = fake_ctx () in - let decrypt_ctx = (ctx :> Client_context.io_wallet) in - let rec inner i = - let open Lwt_result_syntax in - if i >= loops then return_unit - else - let _, _, sk = Tezos_crypto.Aggregate_signature.generate_key () in - let* sk_uri = - Tezos_signer_backends.Encrypted.prompt_twice_and_encrypt_aggregate - ctx - sk - in - let* decrypted_sk = decrypt_aggregate decrypt_ctx sk_uri in - Alcotest.check - aggregate_sk_testable - "test_encrypt_aggregate: decrypt" - sk - decrypted_sk ; - inner (succ i) - in - inner 0 - -(** For each of the algorithms [[Ed25519; Secp256k1; P256]], creates a +(** For each of the algorithms [[Ed25519; Secp256k1; P256; Bls]], creates a dummy context. It randomly generates a Base58-encoded secret key, then encrypts it into a URI and decrypts it. It it asserted that the secret key is preserved after Base58-decoding comparison. This @@ -274,13 +225,15 @@ let test_random_aggregate () = let test_random _switch () = let open Lwt_syntax in let* r = - List.iter_es test_random Tezos_crypto.Signature.[Ed25519; Secp256k1; P256] + List.iter_es + test_random + Tezos_crypto.Signature.[Ed25519; Secp256k1; P256; Bls] in match r with | Ok _ -> Lwt.return_unit | Error _ -> Lwt.fail_with "test_random" -(** For each of the algorithms [[Ed25519; Secp256k1; P256]], creates a +(** For each of the algorithms [[Ed25519; Secp256k1; P256; Bls]], creates a dummy context, uses it to decrypt a list of secret key URIs [...__sks_encrypted]. It is asserted that the decrypted keys shall match the list [..._sks]. @@ -292,41 +245,10 @@ let test_vectors _switch () = | Ok _ -> Lwt.return_unit | Error _ -> Lwt.fail_with "test_vectors" -(** For BLS12_381, creates a dummy context. It randomly generates a - Base58-encoded secret key, then encrypts it into a URI and decrypts it. It - it asserted that the secret key is preserved after Base58-decoding - comparison. This process is repeated 10 times. -*) -let test_random_aggregate _ () = - let open Lwt_syntax in - let* r = test_random_aggregate () in - match r with - | Ok _ -> Lwt.return_unit - | Error _ -> Lwt.fail_with "test_random" - -(** For BLS12_381, creates a dummy context, uses it to decrypt a list of secret - key URIs [...__sks_encrypted]. It is asserted that the decrypted keys shall - match the list [..._sks]. -*) -let test_vectors_aggregate _switch () = - let open Lwt_syntax in - let* r = test_vectors_aggregate () in - match r with - | Ok _ -> Lwt.return_unit - | Error _ -> Lwt.fail_with "test_vectors_aggregate" - let tests = [ Alcotest_lwt.test_case "random_roundtrip" `Quick test_random; Alcotest_lwt.test_case "vectors_decrypt" `Quick test_vectors; - Alcotest_lwt.test_case - "aggregate_random_roundtrip" - `Quick - test_random_aggregate; - Alcotest_lwt.test_case - "aggregate_vectors_decrypt" - `Quick - test_vectors_aggregate; ] let () = diff --git a/src/lib_signer_backends/unencrypted.ml b/src/lib_signer_backends/unencrypted.ml index 93f6a324d862..7c1821da9867 100644 --- a/src/lib_signer_backends/unencrypted.ml +++ b/src/lib_signer_backends/unencrypted.ml @@ -23,6 +23,8 @@ (* *) (*****************************************************************************) +include Client_keys.Signature_type + let scheme = "unencrypted" let title = "Built-in signer using raw unencrypted keys." @@ -31,10 +33,18 @@ let description = "Please DO NOT USE this signer outside of test environments.\n\ Valid secret key URIs are of the form\n\ \ - unencrypted:\n\ - where is the secret key in Tezos_crypto.Base58.\n\ + where is the secret key in Base58.\n\ Valid public key URIs are of the form\n\ \ - unencrypted:\n\ - where is the public key in Tezos_crypto.Base58." + where is the public key in Base58." + +let secret_key sk_uri = + Lwt.return + (Signature.Secret_key.of_b58check (Uri.path (sk_uri : sk_uri :> Uri.t))) + +let make_sk sk = + Client_keys.make_sk_uri + (Uri.make ~scheme ~path:(Signature.Secret_key.to_b58check sk) ()) let make_sapling_key sk = let path = @@ -44,104 +54,40 @@ let make_sapling_key sk = in Client_keys.make_sapling_uri (Uri.make ~scheme ~path ()) -module Make_common (S : sig - include Tezos_crypto.Intfs.COMMON_SIGNATURE - - type public_key_hash = Public_key_hash.t - - type public_key = Public_key.t - - type secret_key = Secret_key.t - - type signature = t - - type sk_uri = private Uri.t - - type pk_uri = private Uri.t - - val make_sk_uri : Uri.t -> sk_uri tzresult - - val make_pk_uri : Uri.t -> pk_uri tzresult - - val scheme : string -end) = -struct - include S - - let scheme = S.scheme - - let title = title - - let description = description +let public_key pk_uri = + Lwt.return + (Signature.Public_key.of_b58check (Uri.path (pk_uri : pk_uri :> Uri.t))) - let secret_key sk_uri = - Secret_key.of_b58check (Uri.path (sk_uri : sk_uri :> Uri.t)) |> Lwt.return +let make_pk pk = + Client_keys.make_pk_uri + (Uri.make ~scheme ~path:(Signature.Public_key.to_b58check pk) ()) - let make_sk sk : sk_uri tzresult = - make_sk_uri (Uri.make ~scheme ~path:(S.Secret_key.to_b58check sk) ()) - - let public_key pk_uri = - Public_key.of_b58check (Uri.path (pk_uri : pk_uri :> Uri.t)) |> Lwt.return - - let make_pk pk : pk_uri tzresult = - make_pk_uri (Uri.make ~scheme ~path:(Public_key.to_b58check pk) ()) - - let neuterize sk_uri = - let open Lwt_result_syntax in - let* sk = secret_key sk_uri in - let*? v = make_pk (Secret_key.to_public_key sk) in - return v - - let public_key_hash pk_uri = - let open Lwt_result_syntax in - let* pk = public_key pk_uri in - return (Public_key.hash pk, Some pk) - - let import_secret_key ~io:_ = public_key_hash -end - -include Make_common (struct - include Tezos_crypto.Signature - include Client_keys.Signature_type - - let make_sk_uri = Client_keys.make_sk_uri +let neuterize sk_uri = + let open Lwt_result_syntax in + let* sk = secret_key sk_uri in + let*? v = make_pk (Signature.Secret_key.to_public_key sk) in + return v - let make_pk_uri = Client_keys.make_pk_uri +let public_key_hash pk_uri = + let open Lwt_result_syntax in + let* pk = public_key pk_uri in + return (Signature.Public_key.hash pk, Some pk) - let scheme = scheme -end) +let import_secret_key ~io:_ = public_key_hash let sign ?watermark sk_uri buf = let open Lwt_result_syntax in let* sk = secret_key sk_uri in - return (Tezos_crypto.Signature.sign ?watermark sk buf) + return (Signature.sign ?watermark sk buf) let deterministic_nonce sk_uri buf = let open Lwt_result_syntax in let* sk = secret_key sk_uri in - return (Tezos_crypto.Signature.deterministic_nonce sk buf) + return (Signature.deterministic_nonce sk buf) let deterministic_nonce_hash sk_uri buf = let open Lwt_result_syntax in let* sk = secret_key sk_uri in - return (Tezos_crypto.Signature.deterministic_nonce_hash sk buf) + return (Signature.deterministic_nonce_hash sk buf) let supports_deterministic_nonces _ = Lwt_result_syntax.return_true - -module Aggregate = struct - include Make_common (struct - include Tezos_crypto.Aggregate_signature - include Client_keys.Aggregate_type - - let make_sk_uri = Client_keys.make_aggregate_sk_uri - - let make_pk_uri = Client_keys.make_aggregate_pk_uri - - let scheme = "aggregate_" ^ scheme - end) - - let sign sk_uri buf = - let open Lwt_result_syntax in - let+ sk = secret_key sk_uri in - Tezos_crypto.Aggregate_signature.sign sk buf -end diff --git a/src/lib_signer_backends/unencrypted.mli b/src/lib_signer_backends/unencrypted.mli index 56abce218586..748254cb7597 100644 --- a/src/lib_signer_backends/unencrypted.mli +++ b/src/lib_signer_backends/unencrypted.mli @@ -25,21 +25,9 @@ include Client_keys.SIGNER -val make_pk : Tezos_crypto.Signature.public_key -> Client_keys.pk_uri tzresult +val make_pk : Signature.public_key -> Client_keys.pk_uri tzresult -val make_sk : Tezos_crypto.Signature.secret_key -> Client_keys.sk_uri tzresult +val make_sk : Signature.secret_key -> Client_keys.sk_uri tzresult val make_sapling_key : Tezos_sapling.Core.Wallet.Spending_key.t -> Client_keys.sapling_uri tzresult - -module Aggregate : sig - include Client_keys.AGGREGATE_SIGNER - - val make_sk : - Tezos_crypto.Aggregate_signature.secret_key -> - Client_keys.aggregate_sk_uri tzresult - - val make_pk : - Tezos_crypto.Aggregate_signature.public_key -> - Client_keys.aggregate_pk_uri tzresult -end diff --git a/tezt/lib_tezos/account.ml b/tezt/lib_tezos/account.ml index f747019edb1e..f6b1171c11c9 100644 --- a/tezt/lib_tezos/account.ml +++ b/tezt/lib_tezos/account.ml @@ -33,13 +33,6 @@ type key = { secret_key : secret_key; } -type aggregate_key = { - aggregate_alias : string; - aggregate_public_key_hash : string; - aggregate_public_key : string; - aggregate_secret_key : secret_key; -} - let require_unencrypted_secret_key ~__LOC__ = function | Unencrypted b58_secret_key -> b58_secret_key | Encrypted _ -> @@ -189,24 +182,3 @@ let parse_client_output ~alias ~client_output = | _ -> Test.fail "Could not parse [show address] output: %s" client_output in {alias; public_key_hash; public_key; secret_key} - -let parse_client_output_aggregate ~alias ~client_output = - let aggregate_public_key_hash, aggregate_public_key = - parse_client_output_public_keys ~client_output - in - let aggregate_secret_key = - (* group of letters and digits after "Secret Key: aggregate_unencrypted" - e.g. "BLsk1hKAHyGqY9qRbgoSVnjiSmDWpKGjFF3WNQ7BaiaMUA6RMA6Pfq" Note: The - tests only use unencrypted keys for the moment. If this changes, please - update secret key parsing. *) - client_output - =~* rex "Secret Key: aggregate_unencrypted:?(\\w*)" - |> mandatory "secret key" - |> fun sk -> Unencrypted sk - in - { - aggregate_alias = alias; - aggregate_public_key_hash; - aggregate_public_key; - aggregate_secret_key; - } diff --git a/tezt/lib_tezos/account.mli b/tezt/lib_tezos/account.mli index 8ea91d3a437e..c20f59b8f49a 100644 --- a/tezt/lib_tezos/account.mli +++ b/tezt/lib_tezos/account.mli @@ -52,24 +52,6 @@ type key = { (** A [Check.typ] for [key] *) val key_typ : key Check.typ -(** Keys associated to an aggregatable account. For example: -{[ - { - aggregate_alias = "bls_account"; - aggregate_public_key_hash = "tz4EECtMxAuJ9UDLaiMZH7G1GCFYUWsj8HZn"; - aggregate_public_key = - "BLpk1yUiLJ7RezbyViD5ZvWTfQndM3TRRYmvYWkUfH2EJqsLFnzzvpJss6pbuz3U1DDMpk8v16nV"; - aggregate_secret_key = - Unencrypted "BLsk1hKAHyGqY9qRbgoSVnjiSmDWpKGjFF3WNQ7BaiaMUA6RMA6Pfq"; - } -]} *) -type aggregate_key = { - aggregate_alias : string; - aggregate_public_key_hash : string; - aggregate_public_key : string; - aggregate_secret_key : secret_key; -} - (** [sign_bytes ~watermark ~signer message] signs the bytes [message] with [signer]'s secret key. Returns the corresponding Tezos signature. This function can be used to sign transactions, blocks, etc. depending on @@ -85,8 +67,8 @@ val sign_bytes : (** [require_unencrypted_secret_key ~__LOC__ key] returns [sk] if [key] is [Unencrypted sk], or fails. *) val require_unencrypted_secret_key : __LOC__:string -> secret_key -> string -(** [uri_of_secret_key secret_key] returns [secret_key] as an URI. - +(** [uri_of_secret_key secret_key] returns [secret_key] as an URI. + The URI of a secret key is its contents prefixed [unencrypted:] respectively [encrypted:] if it is unencrypted respetively encrypted. *) val uri_of_secret_key : secret_key -> string @@ -120,15 +102,3 @@ v} and returns the corresponding key. *) val parse_client_output : alias:string -> client_output:string -> key - -(** [parse_client_output_aggregate ~alias ~client_output] extracts keys from - clients output that yields result of the form -{v - Hash: tz4EECtMxAuJ9UDLaiMZH7G1GCFYUWsj8HZn - Public Key: BLpk1yUiLJ7RezbyViD5ZvWTfQndM3TRRYmvYWkUfH2EJqsLFnzzvpJss6pbuz3U1DDMpk8v16nV - Secret Key: aggregate_unencrypted:BLsk1hKAHyGqY9qRbgoSVnjiSmDWpKGjFF3WNQ7BaiaMUA6RMA6Pfq -v} - and returns the corresponding key. -*) -val parse_client_output_aggregate : - alias:string -> client_output:string -> aggregate_key diff --git a/tezt/lib_tezos/client.ml b/tezt/lib_tezos/client.ml index 489b32e73199..b825357d3179 100644 --- a/tezt/lib_tezos/client.ml +++ b/tezt/lib_tezos/client.ml @@ -1056,73 +1056,6 @@ let spawn_add_address ?(force = false) client ~alias ~src = let add_address ?force client ~alias ~src = spawn_add_address ?force client ~alias ~src |> Process.check -let spawn_bls_gen_keys ?hooks ?(force = false) ?alias client = - let alias = - match alias with - | None -> - incr id ; - sf "tezt_%d" !id - | Some alias -> alias - in - ( spawn_command - ?hooks - client - (["bls"; "gen"; "keys"; alias] @ optional_switch "force" force), - alias ) - -let bls_gen_keys ?hooks ?force ?alias client = - let p, alias = spawn_bls_gen_keys ?hooks ?force ?alias client in - let* () = Process.check p in - return alias - -let spawn_bls_list_keys ?hooks client = - spawn_command ?hooks client ["bls"; "list"; "keys"] - -let parse_list_keys output = - output |> String.trim |> String.split_on_char '\n' - |> List.map (fun s -> - match s =~** rex "^(\\w+): (\\w{36})" with - | Some s -> s - | None -> - Test.fail - ~__LOC__ - "Cannot extract `list keys` format from client_output: %s" - output) - -let bls_list_keys ?hooks client = - let* out = - spawn_bls_list_keys ?hooks client |> Process.check_and_read_stdout - in - return (parse_list_keys out) - -let spawn_bls_show_address ?hooks ~alias client = - spawn_command ?hooks client ["bls"; "show"; "address"; alias; "--show-secret"] - -let bls_show_address ?hooks ~alias client = - let* out = - spawn_bls_show_address ?hooks ~alias client |> Process.check_and_read_stdout - in - return (Account.parse_client_output_aggregate ~alias ~client_output:out) - -let bls_gen_and_show_keys ?alias client = - let* alias = bls_gen_keys ?alias client in - bls_show_address ~alias client - -let spawn_bls_import_secret_key ?hooks ?(force = false) - (key : Account.aggregate_key) client = - let sk_uri = - "aggregate_unencrypted:" - ^ Account.require_unencrypted_secret_key ~__LOC__ key.aggregate_secret_key - in - spawn_command - ?hooks - client - (["bls"; "import"; "secret"; "key"; key.aggregate_alias; sk_uri] - @ if force then ["--force"] else []) - -let bls_import_secret_key ?hooks ?force key sc_client = - spawn_bls_import_secret_key ?hooks ?force key sc_client |> Process.check - let spawn_transfer ?env ?hooks ?log_output ?endpoint ?(wait = "none") ?burn_cap ?fee ?gas_limit ?safety_guard ?storage_limit ?counter ?entrypoint ?arg ?(simulation = false) ?(force = false) ~amount ~giver ~receiver client = diff --git a/tezt/lib_tezos/client.mli b/tezt/lib_tezos/client.mli index 1e11d82d06a7..ad32d7671a78 100644 --- a/tezt/lib_tezos/client.mli +++ b/tezt/lib_tezos/client.mli @@ -794,10 +794,6 @@ val add_address : ?force:bool -> t -> alias:string -> src:string -> unit Lwt.t val spawn_add_address : ?force:bool -> t -> alias:string -> src:string -> Process.t -(** Run [octez-client bls gen keys ]. *) -val bls_gen_keys : - ?hooks:Process.hooks -> ?force:bool -> ?alias:string -> t -> string Lwt.t - (** Run [octez-client activate accoung with ]. *) val activate_account : ?wait:string -> t -> alias:string -> activation_key:string -> unit Lwt.t @@ -806,48 +802,6 @@ val activate_account : val spawn_activate_account : ?wait:string -> t -> alias:string -> activation_key:string -> Process.t -(** Run [octez-client bls list keys]. - - Returns the known BLS aliases associated to their public key hash. - - Fails if the format is not of the form [: ]. *) -val bls_list_keys : ?hooks:Process.hooks -> t -> (string * string) list Lwt.t - -(** Run [octez-client bls show address ] and parse - the output into an [Account.aggregate_key]. - E.g. for [~alias:"bls_account"] the command yields: -{v - Hash: tz4EECtMxAuJ9UDLaiMZH7G1GCFYUWsj8HZn - Public Key: BLpk1yUiLJ7RezbyViD5ZvWTfQndM3TRRYmvYWkUfH2EJqsLFnzzvpJss6pbuz3U1DDMpk8v16nV - Secret Key: aggregate_unencrypted:BLsk1hKAHyGqY9qRbgoSVnjiSmDWpKGjFF3WNQ7BaiaMUA6RMA6Pfq -v} - which becomes: -{[ - { - aggregate_alias = "bls_account"; - aggregate_public_key_hash = "tz4EECtMxAuJ9UDLaiMZH7G1GCFYUWsj8HZn"; - aggregate_public_key = - "BLpk1yUiLJ7RezbyViD5ZvWTfQndM3TRRYmvYWkUfH2EJqsLFnzzvpJss6pbuz3U1DDMpk8v16nV"; - aggregate_secret_key = - Unencrypted "BLsk1hKAHyGqY9qRbgoSVnjiSmDWpKGjFF3WNQ7BaiaMUA6RMA6Pfq"; - } -]} *) -val bls_show_address : - ?hooks:Process.hooks -> alias:string -> t -> Account.aggregate_key Lwt.t - -(** A helper to run [octez-client bls gen keys] followed by - [octez-client bls show address] to get the generated key. *) -val bls_gen_and_show_keys : ?alias:string -> t -> Account.aggregate_key Lwt.t - -(** Run [octez-client bls import secret key - ]. *) -val bls_import_secret_key : - ?hooks:Process.hooks -> - ?force:bool -> - Account.aggregate_key -> - t -> - unit Lwt.t - (** Run [octez-client transfer amount from giver to receiver]. *) val transfer : ?hooks:Process.hooks -> diff --git a/tezt/lib_tezos/constant.ml b/tezt/lib_tezos/constant.ml index e2850dd53661..a799f177e794 100644 --- a/tezt/lib_tezos/constant.ml +++ b/tezt/lib_tezos/constant.ml @@ -191,25 +191,16 @@ let sc_rollup_compressed_state = (** A valid base58 encoded layer-2 account to be used to test transaction and smart contract rollups. *) -let aggregate_tz4_account : Account.aggregate_key = +let tz4_account : Account.key = { - aggregate_alias = "bls_test_account"; - aggregate_public_key_hash = "tz4EECtMxAuJ9UDLaiMZH7G1GCFYUWsj8HZn"; - aggregate_public_key = + alias = "bls_test_account"; + public_key_hash = "tz4EECtMxAuJ9UDLaiMZH7G1GCFYUWsj8HZn"; + public_key = "BLpk1yUiLJ7RezbyViD5ZvWTfQndM3TRRYmvYWkUfH2EJqsLFnzzvpJss6pbuz3U1DDMpk8v16nV"; - aggregate_secret_key = + secret_key = Unencrypted "BLsk1hKAHyGqY9qRbgoSVnjiSmDWpKGjFF3WNQ7BaiaMUA6RMA6Pfq"; } -(** The same as {!aggregate_tz4_account} but for use on layer 1. *) -let tz4_account : Account.key = - { - alias = aggregate_tz4_account.aggregate_alias; - public_key_hash = aggregate_tz4_account.aggregate_public_key_hash; - public_key = aggregate_tz4_account.aggregate_public_key; - secret_key = aggregate_tz4_account.aggregate_secret_key; - } - (** The `echo` kernel that is listed in the “Smart Optimistic Rollups” section of the reference manual. *) let wasm_echo_kernel_boot_sector = diff --git a/tezt/lib_tezos/dac_helper.ml b/tezt/lib_tezos/dac_helper.ml index c81985b0099a..54330775ede7 100644 --- a/tezt/lib_tezos/dac_helper.ml +++ b/tezt/lib_tezos/dac_helper.ml @@ -32,7 +32,7 @@ module Scenarios = struct sc_rollup_address : string; sc_rollup_node : Sc_rollup_node.t; coordinator_node : Dac_node.t; - committee_members : Account.aggregate_key list; + committee_members : Account.key list; committee_members_nodes : Dac_node.t list; observer_nodes : Dac_node.t list; rollup_nodes : Sc_rollup_node.t list; @@ -130,9 +130,7 @@ let with_coordinator_node ?name ?sc_rollup_node ?(pvm_name = "arith") ?reveal_data_dir ~allow_v1_api ~committee_members: - (List.map - (fun (dc : Account.aggregate_key) -> dc.aggregate_public_key) - committee_members) + (List.map (fun (dc : Account.key) -> dc.public_key) committee_members) () in let* _dir = Dac_node.init_config dac_node in @@ -246,7 +244,7 @@ let scenario_with_full_dac_infrastructure ?supports ?(tags = ["dac"; "full"]) (fun keys i -> let* keys in let* key = - Client.bls_gen_and_show_keys + Client.gen_and_show_keys ~alias:(Format.sprintf "committee-member-%d" i) client in @@ -256,8 +254,11 @@ let scenario_with_full_dac_infrastructure ?supports ?(tags = ["dac"; "full"]) in let* () = Lwt_list.iter_s - (fun (aggregate_key : Account.aggregate_key) -> - Client.bls_import_secret_key aggregate_key client) + (fun (aggregate_key : Account.key) -> + Client.import_secret_key + client + aggregate_key.secret_key + ~alias:aggregate_key.alias) custom_committee_members in let committee_members = @@ -277,14 +278,14 @@ let scenario_with_full_dac_infrastructure ?supports ?(tags = ["dac"; "full"]) @@ fun coordinator_node committee_members -> let committee_members_nodes = List.mapi - (fun i Account.{aggregate_public_key_hash; _} -> + (fun i Account.{public_key_hash; _} -> Dac_node.create_committee_member ~name:("committee-member-" ^ Int.to_string i) ~node ~client ~coordinator_rpc_host:(Dac_node.rpc_host coordinator_node) ~coordinator_rpc_port:(Dac_node.rpc_port coordinator_node) - ~address:aggregate_public_key_hash + ~address:public_key_hash ~allow_v1_api ()) committee_members diff --git a/tezt/lib_tezos/dac_helper.mli b/tezt/lib_tezos/dac_helper.mli index c97f329a80a0..8dedea3ca313 100644 --- a/tezt/lib_tezos/dac_helper.mli +++ b/tezt/lib_tezos/dac_helper.mli @@ -37,7 +37,7 @@ module Scenarios : sig sc_rollup_address : string; sc_rollup_node : Sc_rollup_node.t; coordinator_node : Dac_node.t; - committee_members : Account.aggregate_key list; + committee_members : Account.key list; committee_members_nodes : Dac_node.t list; observer_nodes : Dac_node.t list; rollup_nodes : Sc_rollup_node.t list; @@ -54,10 +54,10 @@ val with_coordinator_node : ?pvm_name:string -> ?wait_ready:bool -> ?allow_v1_api:bool -> - committee_members:Account.aggregate_key list -> + committee_members:Account.key list -> Node.t -> Client.t -> - (Dac_node.t -> Account.aggregate_key list -> 'a Lwt.t) -> + (Dac_node.t -> Account.key list -> 'a Lwt.t) -> 'a Lwt.t (** Initializes a a Committee Member Dac node with key [committee_member]. @@ -107,7 +107,7 @@ val scenario_with_full_dac_infrastructure : ?tags:string list -> ?uses:(Protocol.t -> Uses.t list) -> ?pvm_name:string -> - ?custom_committee_members:Account.aggregate_key list -> + ?custom_committee_members:Account.key list -> ?commitment_period:int -> ?challenge_window:int -> ?event_sections_levels:(string * Daemon.Level.level) list -> diff --git a/tezt/lib_tezos/dac_rpc.mli b/tezt/lib_tezos/dac_rpc.mli index 069cd7bcf083..3185be13eab8 100644 --- a/tezt/lib_tezos/dac_rpc.mli +++ b/tezt/lib_tezos/dac_rpc.mli @@ -47,7 +47,7 @@ module V0 : sig val put_dac_member_signature : hex_root_hash:Hex.t -> dac_member_pkh:string -> - signature:Tezos_crypto.Aggregate_signature.t -> + signature:Tezos_crypto.Aggregate_signature.signature -> unit RPC_core.t (** [get_missing_page ~hex_root_hash] calls diff --git a/tezt/tests/client_keys.ml b/tezt/tests/client_keys.ml index 31279dff9fbd..b6d353860219 100644 --- a/tezt/tests/client_keys.ml +++ b/tezt/tests/client_keys.ml @@ -30,126 +30,6 @@ Subject: Checks client wallet commands *) -module BLS_aggregate_wallet = struct - let check_shown_account ~__LOC__ (expected : Account.aggregate_key) - (shown : Account.aggregate_key) = - if expected.aggregate_public_key_hash <> shown.aggregate_public_key_hash - then - Test.fail - ~__LOC__ - "Expecting %s, got %s as public key hash from the client " - expected.aggregate_public_key_hash - shown.aggregate_public_key_hash - else if expected.aggregate_public_key <> shown.aggregate_public_key then - Test.fail - ~__LOC__ - "Expecting %s, got %s as public key from the client " - expected.aggregate_public_key - shown.aggregate_public_key - else if expected.aggregate_secret_key <> shown.aggregate_secret_key then - let sk = Account.uri_of_secret_key shown.aggregate_secret_key in - let expected_sk = Account.uri_of_secret_key shown.aggregate_secret_key in - Test.fail - ~__LOC__ - "Expecting %s, got %s as secret key from the client " - expected_sk - sk - else return () - - let test_bls_import_secret_key () = - Test.register - ~__FILE__ - ~tags:["aggregate"; "client"; "keys"] - ~title:"Import BLS secret key in aggregate wallet" - ~uses_node:false - (fun () -> - let* client = Client.init () in - let* () = - Client.bls_import_secret_key Constant.aggregate_tz4_account client - in - let* shown_account = - Client.bls_show_address - ~alias:Constant.aggregate_tz4_account.Account.aggregate_alias - client - in - check_shown_account - ~__LOC__ - Constant.aggregate_tz4_account - shown_account) - - let test_bls_show_address () = - Test.register - ~__FILE__ - ~tags:["aggregate"; "client"; "keys"] - ~title:"Shows the address of a registered BLS account in aggregate wallet" - ~uses_node:false - (fun () -> - let* client = Client.init () in - let* () = - Client.bls_import_secret_key Constant.aggregate_tz4_account client - in - let* shown_account = - Client.bls_show_address - ~alias:Constant.aggregate_tz4_account.Account.aggregate_alias - client - in - check_shown_account - ~__LOC__ - Constant.aggregate_tz4_account - shown_account) - - let test_bls_gen_keys () = - Test.register - ~__FILE__ - ~tags:["aggregate"; "client"; "keys"] - ~title:"Generates new tz4 keys in aggregate wallet" - ~uses_node:false - (fun () -> - let* client = Client.init () in - let* alias = Client.bls_gen_keys client in - let* _account = Client.bls_show_address ~alias client in - return ()) - - let test_bls_list_keys () = - Test.register - ~__FILE__ - ~tags:["aggregate"; "client"; "keys"] - ~title:"Lists known BLS aliases in the client's aggregate wallet" - ~uses_node:false - (fun () -> - let* client = Client.init () in - let Account.{aggregate_alias; aggregate_public_key_hash; _} = - Constant.aggregate_tz4_account - in - let* () = - Client.bls_import_secret_key Constant.aggregate_tz4_account client - in - let* maybe_keys = Client.bls_list_keys client in - let expected_keys = [(aggregate_alias, aggregate_public_key_hash)] in - if List.equal ( = ) expected_keys maybe_keys then return () - else - let pp ppf l = - Format.pp_print_list - ~pp_sep:(fun ppf () -> Format.fprintf ppf "\n") - (fun ppf (a, k) -> Format.fprintf ppf "%s: %s" a k) - ppf - l - in - Test.fail - ~__LOC__ - "Expecting\n@[%a@]\ngot\n@[%a@]\nas keys from the client " - pp - expected_keys - pp - maybe_keys) - - let register_protocol_independent () = - test_bls_import_secret_key () ; - test_bls_show_address () ; - test_bls_gen_keys () ; - test_bls_list_keys () -end - module BLS_normal_wallet = struct let check_shown_account ~__LOC__ (expected : Account.key) (shown : Account.key) = @@ -436,7 +316,6 @@ module Wallet = struct end let register_protocol_independent () = - BLS_aggregate_wallet.register_protocol_independent () ; BLS_normal_wallet.register_protocol_independent () ; Wallet.register_protocol_independent () diff --git a/tezt/tests/dac.ml b/tezt/tests/dac.ml index d4d49b8eea4a..1505cd559875 100644 --- a/tezt/tests/dac.ml +++ b/tezt/tests/dac.ml @@ -59,10 +59,10 @@ let assert_verify_aggregate_signature members_keys hex_root_hash agg_sig_b58 = let root_hash = Hex.to_bytes hex_root_hash in let data = List.map - (fun (member : Account.aggregate_key) -> + (fun (member : Account.key) -> let pk = Tezos_crypto.Aggregate_signature.Public_key.of_b58check_exn - member.aggregate_public_key + member.public_key in (pk, None, root_hash)) members_keys @@ -157,9 +157,9 @@ let wait_for_l1_tracking_ended dac_node = Dac_node.wait_for dac_node "new_head_daemon_connection_lost.v0" (fun _ -> Some ()) -let bls_sign_hex_hash (signer : Account.aggregate_key) hex_root_hash = +let bls_sign_hex_hash (signer : Account.key) hex_root_hash = let sk = - match signer.aggregate_secret_key with + match signer.secret_key with | Unencrypted sk -> sk | Encrypted encsk -> raise (Invalid_argument encsk) in @@ -765,7 +765,7 @@ module Full_infrastructure = struct match committee_member_opt with | None -> (rev_signatures, witnesses) | Some committee_member -> ( - match committee_member.Account.aggregate_secret_key with + match committee_member.Account.secret_key with | Encrypted _ -> (* Encrypted aggregate keys are not used in dac tests. *) Stdlib.failwith @@ -1166,14 +1166,17 @@ module Full_infrastructure = struct let test_non_committee_signer_should_fail tz_client (coordinator_node, hex_root_hash, _dac_committee) = let* invalid_signer_key = - Client.bls_gen_and_show_keys ~alias:"invalid_signer" tz_client + Client.gen_and_show_keys + ~sig_alg:"bls" + ~alias:"invalid_signer" + tz_client in let signature = bls_sign_hex_hash invalid_signer_key hex_root_hash in let result = Dac_helper.Call_endpoint.V0.put_dac_member_signature coordinator_node ~hex_root_hash - ~dac_member_pkh:invalid_signer_key.aggregate_public_key_hash + ~dac_member_pkh:invalid_signer_key.public_key_hash ~signature in assert_lwt_failure @@ -1188,16 +1191,14 @@ module Full_infrastructure = struct let member_i = Random.int (List.length dac_committee) in let memberi = List.nth dac_committee member_i in let memberj = - List.find - (fun (dc : Account.aggregate_key) -> memberi <> dc) - dac_committee + List.find (fun (dc : Account.key) -> memberi <> dc) dac_committee in let signature = bls_sign_hex_hash memberi hex_root_hash in let result = Dac_helper.Call_endpoint.V0.put_dac_member_signature coordinator_node ~hex_root_hash - ~dac_member_pkh:memberj.aggregate_public_key_hash + ~dac_member_pkh:memberj.public_key_hash ~signature in assert_lwt_failure @@ -1221,13 +1222,13 @@ module Full_infrastructure = struct in let* members_keys = List.fold_left - (fun keys ((member : Account.aggregate_key), signature) -> + (fun keys ((member : Account.key), signature) -> let* keys in let* () = Dac_helper.Call_endpoint.V0.put_dac_member_signature coordinator_node ~hex_root_hash - ~dac_member_pkh:member.aggregate_public_key_hash + ~dac_member_pkh:member.public_key_hash ~signature in return (member :: keys)) @@ -1252,7 +1253,7 @@ module Full_infrastructure = struct let member_i = 2 in let member = List.nth dac_committee member_i in let signature = bls_sign_hex_hash member hex_root_hash in - let dac_member_pkh = member.aggregate_public_key_hash in + let dac_member_pkh = member.public_key_hash in let call () = Dac_helper.Call_endpoint.V0.put_dac_member_signature coordinator_node @@ -1280,7 +1281,7 @@ module Full_infrastructure = struct in let member = List.nth dac_committee 0 in let signature = bls_sign_hex_hash member false_root_hash in - let dac_member_pkh = member.aggregate_public_key_hash in + let dac_member_pkh = member.public_key_hash in let result = Dac_helper.Call_endpoint.V0.put_dac_member_signature coordinator_node @@ -1327,7 +1328,7 @@ module Full_infrastructure = struct Dac_helper.Call_endpoint.V0.put_dac_member_signature coordinator_node ~hex_root_hash - ~dac_member_pkh:member.aggregate_public_key_hash + ~dac_member_pkh:member.public_key_hash ~signature in let* witnesses, signature, _root_hash, _version = @@ -1704,10 +1705,10 @@ module Tx_kernel_e2e = struct let open Tezos_crypto.Signature.Bls in let open Sc_rollup_helpers.Installer_kernel_config in List.mapi - (fun idx Account.{aggregate_public_key; _} -> + (fun idx Account.{public_key; _} -> let to_ = Printf.sprintf "/kernel/dac.committee/%d" idx in let (`Hex value) = - aggregate_public_key |> Public_key.of_b58check_exn + public_key |> Public_key.of_b58check_exn |> Data_encoding.Binary.to_bytes_exn Public_key.encoding |> Hex.of_bytes in @@ -2054,7 +2055,7 @@ module Tx_kernel_e2e = struct let test_tx_kernel_e2e_with_dac_observer_synced_with_dac = let commitment_period = 10 in let challenge_window = 10 in - let custom_committee_members = [Constant.aggregate_tz4_account] in + let custom_committee_members = [Constant.tz4_account] in Dac_helper.scenario_with_full_dac_infrastructure ~__FILE__ ~tags:["wasm"; "kernel"; "wasm_2_0_0"; "kernel_e2e"; "dac"; "full"] @@ -2076,7 +2077,7 @@ module Tx_kernel_e2e = struct let test_tx_kernel_e2e_with_dac_observer_missing_pages = let commitment_period = 10 in let challenge_window = 10 in - let custom_committee_members = [Constant.aggregate_tz4_account] in + let custom_committee_members = [Constant.tz4_account] in Dac_helper.scenario_with_full_dac_infrastructure ~__FILE__ ~tags:["wasm"; "kernel"; "wasm_2_0_0"; "kernel_e2e"; "dac"; "full"] @@ -2290,7 +2291,7 @@ module Api_regression = struct in let request_body = Dac_rpc.V0.make_put_dac_member_signature_request_body - ~dac_member_pkh:member.aggregate_public_key_hash + ~dac_member_pkh:member.public_key_hash ~root_hash signature in @@ -2321,7 +2322,7 @@ module Api_regression = struct coordinator_node (Dac_rpc.V0.put_dac_member_signature ~hex_root_hash:root_hash - ~dac_member_pkh:member.aggregate_public_key_hash + ~dac_member_pkh:member.public_key_hash ~signature) in (* Test starts here. *) -- GitLab From 95db389a43f343e5fbb1725c998be6e7e75e0f5e Mon Sep 17 00:00:00 2001 From: Sylvain Ribstein Date: Fri, 2 Aug 2024 11:15:29 +0200 Subject: [PATCH 2/3] client/wallet: add `aggregate_encrypted` scheme to be backward compatible --- src/lib_client_base_unix/client_main_run.ml | 14 ++++++++++++++ src/lib_signer_backends/encrypted.ml | 18 ++++++++++++++---- src/lib_signer_backends/encrypted.mli | 6 ++++++ src/lib_signer_backends/test/test_encrypted.ml | 13 +++++++------ src/lib_signer_backends/unencrypted.ml | 2 ++ src/lib_signer_backends/unencrypted.mli | 2 ++ tezt/lib_tezos/dac_helper.ml | 1 + 7 files changed, 46 insertions(+), 10 deletions(-) diff --git a/src/lib_client_base_unix/client_main_run.ml b/src/lib_client_base_unix/client_main_run.ml index 0f00e56ffc42..dc06ed167f3e 100644 --- a/src/lib_client_base_unix/client_main_run.ml +++ b/src/lib_client_base_unix/client_main_run.ml @@ -121,9 +121,23 @@ let register_default_signer ?other_registrations ?logger let module Socket = Tezos_signer_backends_unix.Socket.Make (Remote_params) in Client_keys.register_signer (module Tezos_signer_backends.Encrypted.Make (struct + let scheme = Tezos_signer_backends.Encrypted.scheme + + let cctxt = cctxt + end)) ; + Client_keys.register_signer + (module Tezos_signer_backends.Encrypted.Make (struct + let scheme = Tezos_signer_backends.Encrypted.aggregate_scheme + let cctxt = cctxt end)) ; Client_keys.register_signer (module Tezos_signer_backends.Unencrypted) ; + Client_keys.register_signer + (module struct + include Tezos_signer_backends.Unencrypted + + let scheme = Tezos_signer_backends.Unencrypted.aggregate_scheme + end) ; Client_keys.register_signer (module Tezos_signer_backends_unix.Ledger.Signer_implementation) ; Client_keys.register_signer (module Socket.Unix) ; diff --git a/src/lib_signer_backends/encrypted.ml b/src/lib_signer_backends/encrypted.ml index 7f96b40d996d..5ac98b89f231 100644 --- a/src/lib_signer_backends/encrypted.ml +++ b/src/lib_signer_backends/encrypted.ml @@ -42,6 +42,14 @@ open Client_keys let scheme = "encrypted" +let aggregate_scheme = "aggregate_encrypted" + +(* aggregate_scheme is here for backward_compatible reason. There was + once a `aggregate_encrypted` signer before `tz4` keys were + added. *) +let is_valid_scheme uri = + Uri.scheme uri = Some scheme || Uri.scheme uri = Some aggregate_scheme + module Raw = struct (* https://tools.ietf.org/html/rfc2898#section-4.1 *) let salt_len = 8 @@ -322,7 +330,7 @@ let decrypt_all (cctxt : #Client_context.io_wallet) = let* () = password_file_load cctxt in List.iter_es (fun (name, sk_uri) -> - if Uri.scheme (sk_uri : sk_uri :> Uri.t) <> Some scheme then return_unit + if not (is_valid_scheme (sk_uri : sk_uri :> Uri.t)) then return_unit else let* _ = internal_decrypt_simple cctxt ~name sk_uri in return_unit) @@ -335,7 +343,7 @@ let decrypt_list (cctxt : #Client_context.io_wallet) keys = List.iter_es (fun (name, sk_uri) -> if - Uri.scheme (sk_uri : sk_uri :> Uri.t) = Some scheme + is_valid_scheme (sk_uri : sk_uri :> Uri.t) && (keys = [] || List.mem ~equal:String.equal name keys) then let* _ = internal_decrypt_simple cctxt ~name sk_uri in @@ -437,7 +445,7 @@ let decrypt_sapling_key (cctxt : #Client_context.io) (sk_uri : sapling_uri) = let open Lwt_result_syntax in let uri = (sk_uri :> Uri.t) in let payload = Uri.path uri in - if Uri.scheme uri = Some scheme then + if is_valid_scheme uri then let* password = cctxt#prompt_password "Enter password to decrypt your key: " in @@ -463,10 +471,12 @@ let decrypt_sapling_key (cctxt : #Client_context.io) (sk_uri : sapling_uri) = | Some sapling_key -> return sapling_key module Make (C : sig + val scheme : string + val cctxt : Client_context.io_wallet end) = struct - let scheme = "encrypted" + let scheme = C.scheme let title = "Built-in signer using encrypted keys." diff --git a/src/lib_signer_backends/encrypted.mli b/src/lib_signer_backends/encrypted.mli index 02b41007168d..ef97a1f375b8 100644 --- a/src/lib_signer_backends/encrypted.mli +++ b/src/lib_signer_backends/encrypted.mli @@ -23,7 +23,13 @@ (* *) (*****************************************************************************) +val scheme : string + +val aggregate_scheme : string + module Make (C : sig + val scheme : string + val cctxt : Client_context.io_wallet end) : Client_keys.SIGNER diff --git a/src/lib_signer_backends/test/test_encrypted.ml b/src/lib_signer_backends/test/test_encrypted.ml index 5bcab54f342a..78411f6ca325 100644 --- a/src/lib_signer_backends/test/test_encrypted.ml +++ b/src/lib_signer_backends/test/test_encrypted.ml @@ -109,9 +109,8 @@ let fake_ctx () : Client_context.io_wallet = fun _ -> Lwt_result_syntax.return_none end -let make_sk_uris = - List.map_e (fun path -> - Client_keys.make_sk_uri (Uri.make ~scheme:"encrypted" ~path ())) +let make_sk_uris ?(scheme = "encrypted") = + List.map_e (fun path -> Client_keys.make_sk_uri (Uri.make ~scheme ~path ())) let ed25519_sks = [ @@ -165,8 +164,9 @@ let bls12_381_sks = "BLsk1rgztT2EBdQ2vtyXkTzgwmEjabvZri3c7tLHQtDmgH695mcWUt"; ] -let bls12_381_sks_encrypted = +let bls12_381_sks_encrypted ~scheme = make_sk_uris + ~scheme [ "BLesk1ExnCaFxVcGFvKFQrPs2AADo2KpukB6bhA8SLASRzZ58uqvSNUNyzdNdya5NPgE1BAFwcN3wtyFv76r1GJ9"; "BLesk1c92TTyYAbkt5Aa2g2puGZHy1M9hQVX7um7PYpxfsjbaaiYsqR2ahArH53WGSvbvzUBizgPipMyfmh8bCs5"; @@ -189,13 +189,14 @@ let test_vectors () = in let*? l = encrypted_sks in let* decs = List.map_es (decrypt ctx) l in - assert (decs = sks) ; + assert (List.equal Tezos_crypto.Signature.Secret_key.equal decs sks) ; return_unit) [ (ed25519_sks, ed25519_sks_encrypted); (secp256k1_sks, secp256k1_sks_encrypted); (p256_sks, p256_sks_encrypted); - (bls12_381_sks, bls12_381_sks_encrypted); + (bls12_381_sks, bls12_381_sks_encrypted ~scheme:"encrypted"); + (bls12_381_sks, bls12_381_sks_encrypted ~scheme:"aggregate_encrypted"); ] let test_random algo = diff --git a/src/lib_signer_backends/unencrypted.ml b/src/lib_signer_backends/unencrypted.ml index 7c1821da9867..d3d4cef8673e 100644 --- a/src/lib_signer_backends/unencrypted.ml +++ b/src/lib_signer_backends/unencrypted.ml @@ -27,6 +27,8 @@ include Client_keys.Signature_type let scheme = "unencrypted" +let aggregate_scheme = "aggregate_unencrypted" + let title = "Built-in signer using raw unencrypted keys." let description = diff --git a/src/lib_signer_backends/unencrypted.mli b/src/lib_signer_backends/unencrypted.mli index 748254cb7597..6872ab0c4127 100644 --- a/src/lib_signer_backends/unencrypted.mli +++ b/src/lib_signer_backends/unencrypted.mli @@ -25,6 +25,8 @@ include Client_keys.SIGNER +val aggregate_scheme : string + val make_pk : Signature.public_key -> Client_keys.pk_uri tzresult val make_sk : Signature.secret_key -> Client_keys.sk_uri tzresult diff --git a/tezt/lib_tezos/dac_helper.ml b/tezt/lib_tezos/dac_helper.ml index 54330775ede7..9d949cdd4e9e 100644 --- a/tezt/lib_tezos/dac_helper.ml +++ b/tezt/lib_tezos/dac_helper.ml @@ -245,6 +245,7 @@ let scenario_with_full_dac_infrastructure ?supports ?(tags = ["dac"; "full"]) let* keys in let* key = Client.gen_and_show_keys + ~sig_alg:"bls" ~alias:(Format.sprintf "committee-member-%d" i) client in -- GitLab From 1b82d8188699e19f5c0f3bc63cef661ea0c4a145 Mon Sep 17 00:00:00 2001 From: Sylvain Ribstein Date: Thu, 5 Sep 2024 15:25:04 +0200 Subject: [PATCH 3/3] client: changelog for the removal of bls keys cmd All keys are still usable using usual command. --- CHANGES.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index f8e0d307e4ef..6f5ab9c49081 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -137,6 +137,11 @@ Client Michelson-related commands, now allow file names as argument. (MR :gl:`!13311`) +- **Breaking change** Removed all bls key related command in favor of + generics one. All keys that were generated with ``bls gen keys`` can + be used with usual command of the octez-client (``list``, ``known``, + ``sign``, ...). (MR :gl:`!14417`) + - **Breaking change** Removed read-write commands specific to Oxford. (MR :gl:`!13799`) - **Breaking changes** client's encoding with legacy attestation name are no -- GitLab